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November 3, 2017 

Office of the Attorney General 
One Ashburton Place 
Boston, MA 02108 

Office of Consumer Affairs and Business Regulation 
501 Boylston St. 

Suite 5100 
Boston, MA 02116 


To Whom It May Concern: 

Pursuant to Mass. Gen. Laws 93H § 3, this letter is to inform you that data in the 
possession of Wilbraham, Lawler & Buba, P.C. (“WLB”) was potentially breached. WLB is 
a law firm which primarily represents defendants in asbestos, workers’ compensation, and 
other types of personal injury and/or property damage litigation, though it handles other types 
of matters as well. In the course of its work on one or more litigation matters, WLB received 
personal information regarding residents of Massachusetts. WLB was recently the subject of 
a “ransomware” attack, which resulted in the encryption of all of the data on its servers. Law 
enforcement was notified of the attack, and WLB has conducted an internal review of the 
matter. While it does not appear that theft of personal information was the focus of the attack, 
on or about September 19, 2017, WLB became aware of activity consistent with the potential 
access of such information on its systems. 

Depending on the specifics of a given situation, the types of personal information of 
Massachusetts residents in WLB’s systems may have included names and some combination 
of the following: Social Security numbers, addresses, medical information, employment 
information, driver’s license information, settlement documentation and dates of birth. Please 
be advised that credit card or bank account information was not provided to WLB. 

WLB takes the protection of personal information seriously and is taking steps to 
prevent any similar occurrence in the future through the construction of an entirely new 
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computer system. Furthermore, while the investigation to date does not confirm whether any 
Massachusetts resident’s personal information was accessed, on November 3,2017, WLB sent 
a notice to the seventy-five (75) impacted Massachusetts residents. A copy of this notice is 
enclosed. Additionally, WLB has agreed to make identity protection services available to the 
impacted Massachusetts residents for one year free of charge through AllClear ID. 

WLB believes that this letter is compliant with the notice requirements listed in Mass. 
Gen. Laws 93H § 3. If, however, you require additional information or documentation, please 
do not hesitate to contact WLB’s counsel, Christopher Nucifora, Esq. of Kaufman, Dolowich 
& Voluck, LLP at 201-708-8207. Thank you for your time and attention. 


Very truly yours, 


Wilbraham, Lawler & Buba, P.C. 



4814-5781-6402, v. I 
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JOHN Q. SAMPLE 
1234 MAIN STREET 
ANYTOWN US 12345-6789 


NOTICE OF DATA BREACH 


Novembers, 2017 


Dear John Sample, 

We are writing to inform you of an incident that may have involved your personal information. 

What Happened 

Wilbraham, Lawler & Buba t P.C. (“WLB”) is a law firm which represents defendants In asbestos, workers’ compensation 
and other types of personal injury and property damage litigation. In the course of such an action, we received personal 
information regarding you. WLB was recently the subject of a ,, ransomware ,, attack, which resulted in the encryption of all 
of the data on our servers. Law enforcement was notified of the attack, and WLB has conducted an internal review of the 
matter. While it does not appear that theft of personal information was the focus of the attack, on or about September 19, 
2017 we became aware of activity consistent with the potential access of such information on our systems. 

What Information Was Involved 

Depending on the specifics of a given situation, the types of personal information In our systems may have included 
names and some combination of the following: Social Security numbers, addresses, medical information, employment 
Information, driver’s license information, settlement documentation and dates of birth. Please be advised that your credit 
card or bank account information was not provided to us. 

What We Are Doing 


WLB takes the protection of your personal information seriously and is taking steps to prevent any similar occurrence in 
the future through the construction of an entirely new computer system. Furthermore, notice of the breach of our system 
is being provided pursuant to relevant notification statutes. 

What You Can Do? 


While the investigation to date does not confirm whether your personal information was accessed, we want to make you 
aware of steps you may take to guard against identity theft or fraud. Please review the enclosed Information about 
Identity Theft Protection. 

As an added precaution, we have arranged to have AllClear ID protect your identity for 12 months at no cost to you. The 
following identity protection services start on the date of this notice and you can use them at any time during the next 12 
months. 

AllClear Identity Repair: This service is automatically available to you with no enrollment required. If a problem arises, 
simply call 1-855-260-2771 and a dedicated investigator will help recover financial losses, restore your credit and make 
sure your identity is returned to its proper condition. 
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8. If you are not a victim of identity theft, include payment by check, money order, or credit card (Visa, 
MasterCard, American Express or Discover only). Do not send cash through the mail. 

The credit reporting agencies have three (3). business days after receiving your request to place a security freeze on your 
credit report. .The credit bureaus must also send written confirmation to you within.five (5) business days and provide you 
: with a unique personal identification number (PJN) or password, or both that can be used by you to authorize the removal 
or lifting of the security freeze. 

To lift the security freeze in order to aiiow a specific entity or individual access to your credit report, you must calf or send 
a written request to the credit reporting agencies by mail and include proper identification (name, address, and social 
security number) and the PIN number or password provided to you when you placed the security freeze as well as the 
identities of those entities or individuals you would like to receive your credit report or the specific period of time you want 
the credit report available. The credit reporting agencies have three (3) business days after receiving your request to lift 
the security freeze for those identified entities or for the specified period of time. 

To remove the security freeze, you must send a written request to each of the three credit bureaus by mail and include 
proper identification (name, address, and social security number) and the PIN number or password provided to you when 
you placed the security freeze. The credit bureaus have three (3) business days after receiving your request to remove 
the security freeze. 




